Sunday, August 12, 2012

Wordpress hacking: Bat Boy and Mr. DJh

Grr!@###$


What a damn nuisance  looks like there is a way to hack your WordPress web site. My research shows it as The Bat Boy or in my case Mr. DJh (see below)


Bat Boy Hack on WordPress


It does 2 things



  1. Changes your admin login & email account in the users table and (this means you can't log in as admin)

  2. Changes index.php code for the theme (which is what shows on the page)


Anyway this is how to fix it:


http://www.youtube.com/watch?v=ESp_rceZ_gw


UNFORTUNATELY, in my case the admin user was unchanged (but I still can't log in) but one of the index.php files in the template was changed (you can see by the edit date on the server) though cleverly in code: starts like


? echo(stripslashes(base64_decode('PGh0bWw+ ..... 


Renaming the folder killed the site so the hack is in there somewhere and this was the only program with a different date that I could find.


At this stage I can either find the index.php file (which is pretty old) or reinstall Wordpress and import the main blog (which I will probably do as it was only my backup anyway). 


I am guessing a flaw was found in one of the versions of WordPress and subsequently fixed by the WordPress people, however (as in my case) this was my backup blog and was quite old - so probably had the flaw still, and so wide open for the hack. My more recent one was left alone (so far) - this one. Can anyone confirm this???


So the Moral is "Keep up with updates" - yes I should know that!!!!

No comments:

Post a Comment